@atproto/jwk 0.1.0
- package/CHANGELOG.md +7 -0
- package/LICENSE.txt +7 -0
- package/dist/alg.d.ts +3 -0
- package/dist/alg.d.ts.map +1 -0
- package/dist/alg.js +90 -0
- package/dist/alg.js.map +1 -0
- package/dist/errors.d.ts +24 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +62 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +11 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +27 -0
- package/dist/index.js.map +1 -0
- package/dist/jwk.d.ts +2424 -0
- package/dist/jwk.d.ts.map +1 -0
- package/dist/jwk.js +112 -0
- package/dist/jwk.js.map +1 -0
- package/dist/jwks.d.ts +1770 -0
- package/dist/jwks.d.ts.map +1 -0
- package/dist/jwks.js +12 -0
- package/dist/jwks.js.map +1 -0
- package/dist/jwt-decode.d.ts +6 -0
- package/dist/jwt-decode.d.ts.map +1 -0
- package/dist/jwt-decode.js +20 -0
- package/dist/jwt-decode.js.map +1 -0
- package/dist/jwt-verify.d.ts +20 -0
- package/dist/jwt-verify.d.ts.map +1 -0
- package/dist/jwt-verify.js +3 -0
- package/dist/jwt-verify.js.map +1 -0
- package/dist/jwt.d.ts +1785 -0
- package/dist/jwt.d.ts.map +1 -0
- package/dist/jwt.js +150 -0
- package/dist/jwt.js.map +1 -0
- package/dist/key.d.ts +38 -0
- package/dist/key.d.ts.map +1 -0
- package/dist/key.js +131 -0
- package/dist/key.js.map +1 -0
- package/dist/keyset.d.ts +41 -0
- package/dist/keyset.d.ts.map +1 -0
- package/dist/keyset.js +234 -0
- package/dist/keyset.js.map +1 -0
- package/dist/util.d.ts +48 -0
- package/dist/util.d.ts.map +1 -0
- package/dist/util.js +143 -0
- package/dist/util.js.map +1 -0
- package/package.json +38 -0
- package/src/alg.ts +98 -0
- package/src/errors.ts +56 -0
- package/src/index.ts +10 -0
- package/src/jwk.ts +141 -0
- package/src/jwks.ts +15 -0
- package/src/jwt-decode.ts +27 -0
- package/src/jwt-verify.ts +22 -0
- package/src/jwt.ts +173 -0
- package/src/key.ts +93 -0
- package/src/keyset.ts +240 -0
- package/src/util.ts +181 -0
- package/tsconfig.build.json +8 -0
- package/tsconfig.json +4 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAKvB,eAAO,MAAM,eAAe,kGAGuB,CAAA;AAEnD,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAA;AACvD,eAAO,MAAM,WAAW,SAAU,OAAO,4CACA,CAAA;AAEzC,eAAO,MAAM,iBAAiB,wFAGqB,CAAA;AAEnD,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAC3D,eAAO,MAAM,aAAa,SAAU,OAAO,kCACA,CAAA;AAE3C;;GAEG;AACH,eAAO,MAAM,eAAe;IAC1B,yCAAyC;;IAEzC,2CAA2C;;IAE3C,4CAA4C;;;;;;;;;;;;;;;;;;;;;;;IAW5C,sCAAsC;;IAEtC,yCAAyC;;IAEzC,uDAAuD;;IAEvD,kEAAkE;;IAElE,yEAAyE;;IAEzE,oCAAoC;;IAEpC,4CAA4C;;IAE5C,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEzC,CAAA;AAEF,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAA;AAGvD,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;YApC3B,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAAzC,yCAAyC;;;;;;;;;;;;;;;;4CA2BzC,4CAA4C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YA3B5C,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAAzC,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAAzC,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAAzC,yCAAyC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+IzC,CAAA;AAEF,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA"}
|
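--- a/package/dist/jwt.js
+++ b/package/dist/jwt.js
@@ -0,0 +1,150 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.jwtPayloadSchema = exports.jwtHeaderSchema = exports.isUnsignedJwt = exports.unsignedJwtSchema = exports.isSignedJwt = exports.signedJwtSchema = void 0;
+const zod_1 = require("zod");
+const jwk_js_1 = require("./jwk.js");
+const util_js_1 = require("./util.js");
+exports.signedJwtSchema = zod_1.z
+.string()
+.superRefine(util_js_1.jwtCharsRefinement)
+.superRefine((0, util_js_1.segmentedStringRefinementFactory)(3));
+const isSignedJwt = (data) => exports.signedJwtSchema.safeParse(data).success;
+exports.isSignedJwt = isSignedJwt;
+exports.unsignedJwtSchema = zod_1.z
+.string()
+.superRefine(util_js_1.jwtCharsRefinement)
+.superRefine((0, util_js_1.segmentedStringRefinementFactory)(2));
+const isUnsignedJwt = (data) => exports.unsignedJwtSchema.safeParse(data).success;
+exports.isUnsignedJwt = isUnsignedJwt;
+/**
+* @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4}
+*/
+exports.jwtHeaderSchema = zod_1.z.object({
+/** "alg" (Algorithm) Header Parameter */
+alg: zod_1.z.string(),
+/** "jku" (JWK Set URL) Header Parameter */
+jku: zod_1.z.string().url().optional(),
+/** "jwk" (JSON Web Key) Header Parameter */
+jwk: zod_1.z
+.object({
+kty: zod_1.z.string(),
+crv: zod_1.z.string().optional(),
+x: zod_1.z.string().optional(),
+y: zod_1.z.string().optional(),
+e: zod_1.z.string().optional(),
+n: zod_1.z.string().optional(),
+})
+.optional(),
+/** "kid" (Key ID) Header Parameter */
+kid: zod_1.z.string().optional(),
+/** "x5u" (X.509 URL) Header Parameter */
+x5u: zod_1.z.string().optional(),
+/** "x5c" (X.509 Certificate Chain) Header Parameter */
+x5c: zod_1.z.array(zod_1.z.string()).optional(),
+/** "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter */
+x5t: zod_1.z.string().optional(),
+/** "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Header Parameter */
+'x5t#S256': zod_1.z.string().optional(),
+/** "typ" (Type) Header Parameter */
+typ: zod_1.z.string().optional(),
+/** "cty" (Content Type) Header Parameter */
+cty: zod_1.z.string().optional(),
+/** "crit" (Critical) Header Parameter */
+crit: zod_1.z.array(zod_1.z.string()).optional(),
+});
+// https://www.iana.org/assignments/jwt/jwt.xhtml
+exports.jwtPayloadSchema = zod_1.z.object({
+iss: zod_1.z.string().optional(),
+aud: zod_1.z.union([zod_1.z.string(), zod_1.z.array(zod_1.z.string()).nonempty()]).optional(),
+sub: zod_1.z.string().optional(),
+exp: zod_1.z.number().int().optional(),
+nbf: zod_1.z.number().int().optional(),
+iat: zod_1.z.number().int().optional(),
+jti: zod_1.z.string().optional(),
+htm: zod_1.z.string().optional(),
+htu: zod_1.z.string().optional(),
+ath: zod_1.z.string().optional(),
+acr: zod_1.z.string().optional(),
+azp: zod_1.z.string().optional(),
+amr: zod_1.z.array(zod_1.z.string()).optional(),
+// https://datatracker.ietf.org/doc/html/rfc7800
+cnf: zod_1.z
+.object({
+kid: zod_1.z.string().optional(), // Key ID
+jwk: jwk_js_1.jwkPubSchema.optional(), // JWK
+jwe: zod_1.z.string().optional(), // Encrypted key
+jku: zod_1.z.string().url().optional(), // JWK Set URI ("kid" should also be provided)
+// https://datatracker.ietf.org/doc/html/rfc9449#section-6.1
+jkt: zod_1.z.string().optional(),
+// https://datatracker.ietf.org/doc/html/rfc8705
+'x5t#S256': zod_1.z.string().optional(), // X.509 Certificate SHA-256 Thumbprint
+// https://datatracker.ietf.org/doc/html/rfc9203
+osc: zod_1.z.string().optional(), // OSCORE_Input_Material carrying the parameters for using OSCORE per-message security with implicit key confirmation
+})
+.optional(),
+client_id: zod_1.z.string().optional(),
+scope: zod_1.z.string().optional(),
+nonce: zod_1.z.string().optional(),
+at_hash: zod_1.z.string().optional(),
+c_hash: zod_1.z.string().optional(),
+s_hash: zod_1.z.string().optional(),
+auth_time: zod_1.z.number().int().optional(),
+// https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+// OpenID: "profile" scope
+name: zod_1.z.string().optional(),
+family_name: zod_1.z.string().optional(),
+given_name: zod_1.z.string().optional(),
+middle_name: zod_1.z.string().optional(),
+nickname: zod_1.z.string().optional(),
+preferred_username: zod_1.z.string().optional(),
+gender: zod_1.z.string().optional(), // OpenID only defines "male" and "female" without forbidding other values
+picture: zod_1.z.string().url().optional(),
+profile: zod_1.z.string().url().optional(),
+website: zod_1.z.string().url().optional(),
+birthdate: zod_1.z
+.string()
+.regex(/\d{4}-\d{2}-\d{2}/) // YYYY-MM-DD
+.optional(),
+zoneinfo: zod_1.z
+.string()
+.regex(/^[A-Za-z0-9_/]+$/)
+.optional(),
+locale: zod_1.z
+.string()
+.regex(/^[a-z]{2}(-[A-Z]{2})?$/)
+.optional(),
+updated_at: zod_1.z.number().int().optional(),
+// OpenID: "email" scope
+email: zod_1.z.string().optional(),
+email_verified: zod_1.z.boolean().optional(),
+// OpenID: "phone" scope
+phone_number: zod_1.z.string().optional(),
+phone_number_verified: zod_1.z.boolean().optional(),
+// OpenID: "address" scope
+// https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim
+address: zod_1.z
+.object({
+formatted: zod_1.z.string().optional(),
+street_address: zod_1.z.string().optional(),
+locality: zod_1.z.string().optional(),
+region: zod_1.z.string().optional(),
+postal_code: zod_1.z.string().optional(),
+country: zod_1.z.string().optional(),
+})
+.optional(),
+// https://datatracker.ietf.org/doc/html/rfc9396#section-14.2
+authorization_details: zod_1.z
+.array(zod_1.z
+.object({
+type: zod_1.z.string(),
+// https://datatracker.ietf.org/doc/html/rfc9396#section-2.2
+locations: zod_1.z.array(zod_1.z.string()).optional(),
+actions: zod_1.z.array(zod_1.z.string()).optional(),
+datatypes: zod_1.z.array(zod_1.z.string()).optional(),
+identifier: zod_1.z.string().optional(),
+privileges: zod_1.z.array(zod_1.z.string()).optional(),
+})
+.passthrough())
+.optional(),
+});
+//# sourceMappingURL=jwt.js.map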
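Review bot: The `birthdate` pattern in `jwtPayloadSchema` is unanchored, so any string that merely contains a four-two-two digit run passes, while the neighbouring `zoneinfo` and `locale` patterns are anchored with `^…$`; I would write `.regex(/^\d{4}-\d{2}-\d{2}$/)`. Separately, `jwtHeaderSchema` only checks shape: `alg` is any string, and `jku`, `jwk`, `x5u` and `x5c` are accepted as supplied. A comment above the schema such as `// Shape validation only: verifiers must pin the allowed "alg" values and must not take key material from the header` would keep callers from treating a parsed header as trusted.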
|
package/dist/jwt.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,qCAAuC;AACvC,uCAAgF;AAEnE,QAAA,eAAe,GAAG,OAAC;KAC7B,MAAM,EAAE;KACR,WAAW,CAAC,4BAAkB,CAAC;KAC/B,WAAW,CAAC,IAAA,0CAAgC,EAAC,CAAC,CAAC,CAAC,CAAA;AAG5C,MAAM,WAAW,GAAG,CAAC,IAAa,EAAqB,EAAE,CAC9D,uBAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAA;AAD5B,QAAA,WAAW,eACiB;AAE5B,QAAA,iBAAiB,GAAG,OAAC;KAC/B,MAAM,EAAE;KACR,WAAW,CAAC,4BAAkB,CAAC;KAC/B,WAAW,CAAC,IAAA,0CAAgC,EAAC,CAAC,CAAC,CAAC,CAAA;AAG5C,MAAM,aAAa,GAAG,CAAC,IAAa,EAAuB,EAAE,CAClE,yBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAA;AAD9B,QAAA,aAAa,iBACiB;AAE3C;;GAEG;AACU,QAAA,eAAe,GAAG,OAAC,CAAC,MAAM,CAAC;IACtC,yCAAyC;IACzC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,2CAA2C;IAC3C,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,4CAA4C;IAC5C,GAAG,EAAE,OAAC;SACH,MAAM,CAAC;QACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;QACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC1B,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACxB,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACxB,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACxB,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACzB,CAAC;SACD,QAAQ,EAAE;IACb,sCAAsC;IACtC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,yCAAyC;IACzC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,uDAAuD;IACvD,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACnC,kEAAkE;IAClE,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,yEAAyE;IACzE,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,oCAAoC;IACpC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,4CAA4C;IAC5C,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,yCAAyC;IACzC,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA;AAIF,iDAAiD;AACpC,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IACrE,
GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACnC,gDAAgD;IAChD,GAAG,EAAE,OAAC;SACH,MAAM,CAAC;QACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,SAAS;QACrC,GAAG,EAAE,qBAAY,CAAC,QAAQ,EAAE,EAAE,MAAM;QACpC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,gBAAgB;QAC5C,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,8CAA8C;QAEhF,4DAA4D;QAC5D,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAE1B,gDAAgD;QAChD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,uCAAuC;QAE1E,gDAAgD;QAChD,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,qHAAqH;KAClJ,CAAC;SACD,QAAQ,EAAE;IAEb,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEhC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE5B,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEtC,uEAAuE;IAEvE,0BAA0B;IAC1B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,0EAA0E;IACzG,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IA
CpC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,SAAS,EAAE,OAAC;SACT,MAAM,EAAE;SACR,KAAK,CAAC,mBAAmB,CAAC,CAAC,aAAa;SACxC,QAAQ,EAAE;IACb,QAAQ,EAAE,OAAC;SACR,MAAM,EAAE;SACR,KAAK,CAAC,kBAAkB,CAAC;SACzB,QAAQ,EAAE;IACb,MAAM,EAAE,OAAC;SACN,MAAM,EAAE;SACR,KAAK,CAAC,wBAAwB,CAAC;SAC/B,QAAQ,EAAE;IACb,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEvC,wBAAwB;IACxB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAEtC,wBAAwB;IACxB,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,qBAAqB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAE7C,0BAA0B;IAC1B,qEAAqE;IACrE,OAAO,EAAE,OAAC;SACP,MAAM,CAAC;QACN,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAChC,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC/B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC7B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC/B,CAAC;SACD,QAAQ,EAAE;IAEb,6DAA6D;IAC7D,qBAAqB,EAAE,OAAC;SACrB,KAAK,CACJ,OAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;QAChB,4DAA4D;QAC5D,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACzC,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACvC,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACzC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACjC,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC3C,CAAC;SACD,WAAW,EAAE,CACjB;SACA,QAAQ,EAAE;CACd,CAAC,CAAA"}
|
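--- a/package/dist/key.d.ts
+++ b/package/dist/key.d.ts
@@ -0,0 +1,38 @@
+import { Jwk } from './jwk.js';
+import { VerifyOptions, VerifyPayload, VerifyResult } from './jwt-verify.js';
+import { JwtHeader, JwtPayload, SignedJwt } from './jwt.js';
+export declare abstract class Key {
+protected readonly jwk: Readonly<Jwk>;
+constructor(jwk: Readonly<Jwk>);
+get isPrivate(): boolean;
+get isSymetric(): boolean;
+get privateJwk(): Jwk | undefined;
+get publicJwk(): Jwk | undefined;
+get bareJwk(): Jwk | undefined;
+get use(): "sig" | "enc";
+/**
+* The (forced) algorithm to use. If not provided, the key will be usable with
+* any of the algorithms in {@link algorithms}.
+*
+* @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1 | "alg" (Algorithm) Header Parameter Values for JWS}
+*/
+get alg(): string | undefined;
+get kid(): string | undefined;
+get crv(): "P-256" | "P-384" | "P-521" | "secp256k1" | "Ed25519" | "Ed448" | undefined;
+/**
+* All the algorithms that this key can be used with. If `alg` is provided,
+* this set will only contain that algorithm.
+*/
+get algorithms(): readonly string[];
+/**
+* Create a signed JWT
+*/
+abstract createJwt(header: JwtHeader, payload: JwtPayload): Promise<SignedJwt>;
+/**
+* Verify the signature, headers and payload of a JWT
+*
+* @throws {JwtVerifyError} if the JWT is invalid
+*/
+abstract verifyJwt<P extends VerifyPayload = JwtPayload, C extends string = string>(token: SignedJwt, options?: VerifyOptions<C>): Promise<VerifyResult<P, C>>;
+}
+//# sourceMappingURL=key.d.ts.map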
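Review bot: `get isSymetric(): boolean;` misspells "symmetric" in a public declaration, and 0.1.0 is the cheapest point to correct it; I would declare `get isSymmetric(): boolean;` and keep the old name only as a `@deprecated` alias if something already depends on it. `privateJwk`, `publicJwk` and `bareJwk` also carry no doc comments. One line on each, saying which members are included and when the getter returns `undefined`, would help callers that publish the result.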
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"key.d.ts","sourceRoot":"","sources":["../src/key.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAa,MAAM,UAAU,CAAA;AACzC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC5E,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAG3D,8BAAsB,GAAG;IACX,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC;gBAAlB,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC;IAKjD,IAAI,SAAS,IAAI,OAAO,CAKvB;IAED,IAAI,UAAU,IAAI,OAAO,CAIxB;IAED,IAAI,UAAU,IAAI,GAAG,GAAG,SAAS,CAEhC;IAED,IACI,SAAS,IAAI,GAAG,GAAG,SAAS,CAO/B;IAED,IACI,OAAO,IAAI,GAAG,GAAG,SAAS,CAI7B;IAED,IAAI,GAAG,kBAEN;IAED;;;;;OAKG;IACH,IAAI,GAAG,uBAEN;IAED,IAAI,GAAG,uBAEN;IAED,IAAI,GAAG,gFAEN;IAED;;;OAGG;IACH,IACI,UAAU,IAAI,SAAS,MAAM,EAAE,CAElC;IAED;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC;IAE9E;;;;OAIG;IACH,QAAQ,CAAC,SAAS,CAChB,CAAC,SAAS,aAAa,GAAG,UAAU,EACpC,CAAC,SAAS,MAAM,GAAG,MAAM,EACzB,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;CAC7E"}
|
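--- a/package/dist/key.js
+++ b/package/dist/key.js
@@ -0,0 +1,131 @@
+"use strict";
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+var useValue = arguments.length > 2;
+for (var i = 0; i < initializers.length; i++) {
+value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+}
+return useValue ? value : void 0;
+};
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+var _, done = false;
+for (var i = decorators.length - 1; i >= 0; i--) {
+var context = {};
+for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+if (kind === "accessor") {
+if (result === void 0) continue;
+if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+if (_ = accept(result.get)) descriptor.get = _;
+if (_ = accept(result.set)) descriptor.set = _;
+if (_ = accept(result.init)) initializers.unshift(_);
+}
+else if (_ = accept(result)) {
+if (kind === "field") initializers.unshift(_);
+else descriptor[key] = _;
+}
+}
+if (target) Object.defineProperty(target, contextIn.name, descriptor);
+done = true;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Key = void 0;
+const alg_js_1 = require("./alg.js");
+const errors_js_1 = require("./errors.js");
+const jwk_js_1 = require("./jwk.js");
+const util_js_1 = require("./util.js");
+let Key = (() => {
+var _a;
+let _instanceExtraInitializers = [];
+let _get_publicJwk_decorators;
+let _get_bareJwk_decorators;
+let _get_algorithms_decorators;
+return _a = class Key {
+constructor(jwk) {
+Object.defineProperty(this, "jwk", {
+enumerable: true,
+configurable: true,
+writable: true,
+value: (__runInitializers(this, _instanceExtraInitializers), jwk)
+});
+// A key should always be used either for signing or encryption.
+if (!jwk.use)
+throw new errors_js_1.JwkError('Missing "use" Parameter value');
+}
+get isPrivate() {
+const { jwk } = this;
+if ('d' in jwk && jwk.d !== undefined)
+return true;
+if ('k' in jwk && jwk.k !== undefined)
+return true;
+return false;
+}
+get isSymetric() {
+const { jwk } = this;
+if ('k' in jwk && jwk.k !== undefined)
+return true;
+return false;
+}
+get privateJwk() {
+return this.isPrivate ? this.jwk : undefined;
+}
+get publicJwk() {
+if (this.isSymetric)
+return undefined;
+if (this.isPrivate) {
+const { d: _, ...jwk } = this.jwk;
+return jwk;
+}
+return this.jwk;
+}
+get bareJwk() {
+if (this.isSymetric)
+return undefined;
+const { kty, crv, e, n, x, y } = this.jwk;
+return jwk_js_1.jwkSchema.parse({ crv, e, kty, n, x, y });
+}
+get use() {
+return this.jwk.use;
+}
+/**
+* The (forced) algorithm to use. If not provided, the key will be usable with
+* any of the algorithms in {@link algorithms}.
+*
+* @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1 | "alg" (Algorithm) Header Parameter Values for JWS}
+*/
+get alg() {
+return this.jwk.alg;
+}
+get kid() {
+return this.jwk.kid;
+}
+get crv() {
+return this.jwk.crv;
+}
+/**
+* All the algorithms that this key can be used with. If `alg` is provided,
+* this set will only contain that algorithm.
+*/
+get algorithms() {
+return Array.from((0, alg_js_1.jwkAlgorithms)(this.jwk));
+}
+},
+(() => {
+const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+_get_publicJwk_decorators = [util_js_1.cachedGetter];
+_get_bareJwk_decorators = [util_js_1.cachedGetter];
+_get_algorithms_decorators = [util_js_1.cachedGetter];
+__esDecorate(_a, null, _get_publicJwk_decorators, { kind: "getter", name: "publicJwk", static: false, private: false, access: { has: obj => "publicJwk" in obj, get: obj => obj.publicJwk }, metadata: _metadata }, null, _instanceExtraInitializers);
+__esDecorate(_a, null, _get_bareJwk_decorators, { kind: "getter", name: "bareJwk", static: false, private: false, access: { has: obj => "bareJwk" in obj, get: obj => obj.bareJwk }, metadata: _metadata }, null, _instanceExtraInitializers);
+__esDecorate(_a, null, _get_algorithms_decorators, { kind: "getter", name: "algorithms", static: false, private: false, access: { has: obj => "algorithms" in obj, get: obj => obj.algorithms }, metadata: _metadata }, null, _instanceExtraInitializers);
+if (_metadata) Object.defineProperty(_a, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+})(),
+_a;
+})();
+exports.Key = Key;
+//# sourceMappingURL=key.js.map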
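Review bot: The `publicJwk` getter removes only `d` (`const { d: _, ...jwk } = this.jwk;`), so any other private member on the stored JWK would be returned as part of the "public" key. For RSA keys, RFC 7518 §6.3.2 defines `p`, `q`, `dp`, `dq`, `qi` and `oth` as private alongside `d`. Whether `jwkSchema` admits them is not visible on this page, so this is inferred. If it does, the line should be `const { d, p, q, dp, dq, qi, oth, ...jwk } = this.jwk;`, or better, the result should be built from an allowlist of public members, in the way `bareJwk` already picks named members. `isPrivate` has the same narrow view, testing only `d` and `k`.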
|
package/dist/key.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"key.js","sourceRoot":"","sources":["../src/key.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,qCAAwC;AACxC,2CAAsC;AACtC,qCAAyC;AAGzC,uCAAwC;IAElB,GAAG;;;;;;sBAAH,GAAG;YACvB,YAA+B,GAAkB;gBAArC;;;;4BADQ,mDAAG,EACQ,GAAG;mBAAe;gBAC/C,gEAAgE;gBAChE,IAAI,CAAC,GAAG,CAAC,GAAG;oBAAE,MAAM,IAAI,oBAAQ,CAAC,+BAA+B,CAAC,CAAA;YACnE,CAAC;YAED,IAAI,SAAS;gBACX,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;gBACpB,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,SAAS;oBAAE,OAAO,IAAI,CAAA;gBAClD,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,SAAS;oBAAE,OAAO,IAAI,CAAA;gBAClD,OAAO,KAAK,CAAA;YACd,CAAC;YAED,IAAI,UAAU;gBACZ,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;gBACpB,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,SAAS;oBAAE,OAAO,IAAI,CAAA;gBAClD,OAAO,KAAK,CAAA;YACd,CAAC;YAED,IAAI,UAAU;gBACZ,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;YAC9C,CAAC;YAGD,IAAI,SAAS;gBACX,IAAI,IAAI,CAAC,UAAU;oBAAE,OAAO,SAAS,CAAA;gBACrC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACnB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC,GAAU,CAAA;oBACxC,OAAO,GAAG,CAAA;gBACZ,CAAC;gBACD,OAAO,IAAI,CAAC,GAAG,CAAA;YACjB,CAAC;YAGD,IAAI,OAAO;gBACT,IAAI,IAAI,CAAC,UAAU;oBAAE,OAAO,SAAS,CAAA;gBACrC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,GAAU,CAAA;gBAChD,OAAO,kBAAS,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;YAClD,CAAC;YAED,IAAI,GAAG;gBACL,OAAO,IAAI,CAAC,GAAG,CAAC,GAAI,CAAA;YACtB,CAAC;YAED;;;;;eAKG;YACH,IAAI,GAAG;gBACL,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAA;YACrB,CAAC;YAED,IAAI,GAAG;gBACL,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAA;YACrB,CAAC;YAED,IAAI,GAAG;gBACL,OAAQ,IAAI,CAAC,GAA2D,CAAC,GAAG,CAAA;YAC9E,CAAC;YAED;;;eAGG;YAEH,IAAI,UAAU;gBACZ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAA,sBAAa,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;YAC5C,CAAC;;;;yCA9CA,sBAAY;uCAUZ,sBAAY;0CAiCZ,sBAAY;YA1Cb,gLAAI,SAAS,6DAOZ;YAGD,0KAAI,OAAO,6DAIV;YA6BD,mLAAI,UAAU,6DAEb;;;;;AArEmB,kBAAG"}
|
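--- a/package/dist/keyset.d.ts
+++ b/package/dist/keyset.d.ts
@@ -0,0 +1,41 @@
+import { Jwks } from './jwks.js';
+import { VerifyOptions, VerifyResult } from './jwt-verify.js';
+import { JwtHeader, JwtPayload, SignedJwt } from './jwt.js';
+import { Key } from './key.js';
+import { Override } from './util.js';
+export type JwtSignHeader = Override<JwtHeader, Pick<KeySearch, 'alg' | 'kid'>>;
+export type JwtPayloadGetter<P = JwtPayload> = (header: JwtHeader, key: Key) => P | PromiseLike<P>;
+export type KeySearch = {
+use?: 'sig' | 'enc';
+kid?: string | string[];
+alg?: string | string[];
+};
+export declare class Keyset<K extends Key = Key> implements Iterable<K> {
+/**
+* The preferred algorithms to use when signing a JWT using this keyset.
+*
+* @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1}
+*/
+readonly preferredSigningAlgorithms: readonly string[];
+private readonly keys;
+constructor(iterable: Iterable<K | null | undefined | false>,
+/**
+* The preferred algorithms to use when signing a JWT using this keyset.
+*
+* @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1}
+*/
+preferredSigningAlgorithms?: readonly string[]);
+get signAlgorithms(): readonly string[];
+get publicJwks(): Jwks;
+get privateJwks(): Jwks;
+has(kid: string): boolean;
+get(search: KeySearch): K;
+list(search: KeySearch): Generator<K>;
+findKey({ kid, alg, use }: KeySearch): [key: Key, alg: string];
+[Symbol.iterator](): IterableIterator<K>;
+createJwt({ alg: sAlg, kid: sKid, ...header }: JwtSignHeader, payload: JwtPayload | JwtPayloadGetter): Promise<SignedJwt>;
+verifyJwt<P extends Record<string, unknown> = JwtPayload, C extends string = string>(token: SignedJwt, options?: VerifyOptions<C>): Promise<VerifyResult<P, C> & {
+key: K;
+}>;
+}
+//# sourceMappingURL=keyset.d.ts.map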
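Review bot: `get(search: KeySearch): K;` and `findKey(...)` declare non-optional results but say nothing about the no-match case, so a caller cannot tell from the declaration that they presumably throw. I would add `/** @throws if no key in the set matches the search */` to both, and a short doc comment on `verifyJwt` stating which keys are tried and which error is raised when none verifies. `privateJwks` deserves `/** Contains private key material; never serve this set over the network */`, since it sits next to `publicJwks` with an identical type.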
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keyset.d.ts","sourceRoot":"","sources":["../src/keyset.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAEhC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC7D,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAC3D,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAC9B,OAAO,EACL,QAAQ,EAKT,MAAM,WAAW,CAAA;AAElB,MAAM,MAAM,aAAa,GAAG,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,GAAG,KAAK,CAAC,CAAC,CAAA;AAE/E,MAAM,MAAM,gBAAgB,CAAC,CAAC,GAAG,UAAU,IAAI,CAC7C,MAAM,EAAE,SAAS,EACjB,GAAG,EAAE,GAAG,KACL,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;AAEvB,MAAM,MAAM,SAAS,GAAG;IACtB,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAA;IACnB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IACvB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CACxB,CAAA;AAKD,qBAAa,MAAM,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,YAAW,QAAQ,CAAC,CAAC,CAAC;IAK3D;;;;OAIG;aACa,0BAA0B,EAAE,SAAS,MAAM,EAAE;IAT/D,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAc;gBAGjC,QAAQ,EAAE,QAAQ,CAAC,CAAC,GAAG,IAAI,GAAG,SAAS,GAAG,KAAK,CAAC;IAChD;;;;OAIG;IACa,0BAA0B,GAAE,SAAS,MAAM,EAetD;IAmBP,IACI,cAAc,IAAI,SAAS,MAAM,EAAE,CAWtC;IAED,IACI,UAAU,IAAI,IAAI,CAIrB;IAED,IACI,WAAW,IAAI,IAAI,CAItB;IAED,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIzB,GAAG,CAAC,MAAM,EAAE,SAAS,GAAG,CAAC;IAWxB,IAAI,CAAC,MAAM,EAAE,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC;IAwBtC,OAAO,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,SAAS,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC;IAsC9D,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,gBAAgB,CAAC,CAAC,CAAC;IAIlC,SAAS,CACb,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,EAAE,aAAa,EAClD,OAAO,EAAE,UAAU,GAAG,gBAAgB,GACrC,OAAO,CAAC,SAAS,CAAC;IAef,SAAS,CACb,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,EAC9C,CAAC,SAAS,MAAM,GAAG,MAAM,EAEzB,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,GACzB,OAAO,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG;QAAE,GAAG,EAAE,CAAC,CAAA;KAAE,CAAC;CAwB5C"}
|
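--- a/package/dist/keyset.js
+++ b/package/dist/keyset.js
@@ -0,0 +1,234 @@
+"use strict";
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+var useValue = arguments.length > 2;
+for (var i = 0; i < initializers.length; i++) {
+value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+}
+return useValue ? value : void 0;
+};
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+var _, done = false;
+for (var i = decorators.length - 1; i >= 0; i--) {
+var context = {};
+for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+if (kind === "accessor") {
+if (result === void 0) continue;
+if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+if (_ = accept(result.get)) descriptor.get = _;
+if (_ = accept(result.set)) descriptor.set = _;
+if (_ = accept(result.init)) initializers.unshift(_);
+}
+else if (_ = accept(result)) {
+if (kind === "field") initializers.unshift(_);
+else descriptor[key] = _;
+}
+}
+if (target) Object.defineProperty(target, contextIn.name, descriptor);
+done = true;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Keyset = void 0;
+const errors_js_1 = require("./errors.js");
+const jwt_decode_js_1 = require("./jwt-decode.js");
+const util_js_1 = require("./util.js");
+const extractPrivateJwk = (key) => key.privateJwk;
+const extractPublicJwk = (key) => key.publicJwk;
+let Keyset = (() => {
+var _a;
+let _instanceExtraInitializers = [];
+let _get_signAlgorithms_decorators;
+let _get_publicJwks_decorators;
+let _get_privateJwks_decorators;
+return _a = class Keyset {
+constructor(iterable,
+/**
+* The preferred algorithms to use when signing a JWT using this keyset.
+*
+* @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1}
+*/
+preferredSigningAlgorithms = iterable instanceof
+_a
+? [...iterable.preferredSigningAlgorithms]
+: [
+// Prefer elliptic curve algorithms
+'EdDSA',
+'ES256K',
+'ES256',
+// https://datatracker.ietf.org/doc/html/rfc7518#section-3.5
+'PS256',
+'PS384',
+'PS512',
+'HS256',
+'HS384',
+'HS512',
+]) {
+Object.defineProperty(this, "preferredSigningAlgorithms", {
+enumerable: true,
+configurable: true,
+writable: true,
+value: (__runInitializers(this, _instanceExtraInitializers), preferredSigningAlgorithms)
+});
+Object.defineProperty(this, "keys", {
+enumerable: true,
+configurable: true,
+writable: true,
+value: void 0
+});
+const keys = [];
+const kids = new Set();
+for (const key of iterable) {
+if (!key)
+continue;
+keys.push(key);
+if (key.kid) {
+if (kids.has(key.kid))
+throw new errors_js_1.JwkError(`Duplicate key: ${key.kid}`);
+else
+kids.add(key.kid);
+}
+}
+this.keys = Object.freeze(keys);
+}
+get signAlgorithms() {
+const algorithms = new Set();
+for (const key of this) {
+if (key.use !== 'sig')
+continue;
+for (const alg of key.algorithms) {
+algorithms.add(alg);
+}
+}
+return Object.freeze([...algorithms].sort((0, util_js_1.preferredOrderCmp)(this.preferredSigningAlgorithms)));
+}
+get publicJwks() {
+return {
+keys: Array.from(this, extractPublicJwk).filter(util_js_1.isDefined),
+};
+}
+get privateJwks() {
+return {
+keys: Array.from(this, extractPrivateJwk).filter(util_js_1.isDefined),
+};
+}
+has(kid) {
+return this.keys.some((key) => key.kid === kid);
+}
+get(search) {
+for (const key of this.list(search)) {
+return key;
+}
+throw new errors_js_1.JwkError(`Key not found ${search.kid || search.alg || '<unknown>'}`, errors_js_1.ERR_JWK_NOT_FOUND);
+}
+*list(search) {
+// Optimization: Empty string or empty array will not match any key
+if (search.kid?.length === 0)
+return;
+if (search.alg?.length === 0)
+return;
+for (const key of this) {
+if (search.use && key.use !== search.use)
+continue;
+if (Array.isArray(search.kid)) {
+if (!key.kid || !search.kid.includes(key.kid))
+continue;
+}
+else if (search.kid) {
+if (key.kid !== search.kid)
+continue;
+}
+if (Array.isArray(search.alg)) {
+if (!search.alg.some((a) => key.algorithms.includes(a)))
+continue;
+}
+else if (typeof search.alg === 'string') {
+if (!key.algorithms.includes(search.alg))
+continue;
+}
+yield key;
+}
+}
+findKey({ kid, alg, use }) {
+const matchingKeys = [];
+for (const key of this.list({ kid, alg, use })) {
+// Not a signing key
+if (!key.isPrivate)
+continue;
+// Skip negotiation if a specific "alg" was provided
+if (typeof alg === 'string')
+return [key, alg];
+matchingKeys.push(key);
+}
+const isAllowedAlg = (0, util_js_1.matchesAny)(alg);
+const candidates = matchingKeys.map((key) => [key, key.algorithms.filter(isAllowedAlg)]);
+// Return the first candidates that matches the preferred algorithms
+for (const prefAlg of this.preferredSigningAlgorithms) {
+for (const [matchingKey, matchingAlgs] of candidates) {
+if (matchingAlgs.includes(prefAlg))
+return [matchingKey, prefAlg];
+}
+}
+// Return any candidate
+for (const [matchingKey, matchingAlgs] of candidates) {
+for (const alg of matchingAlgs) {
+return [matchingKey, alg];
+}
+}
+throw new errors_js_1.JwkError(`No singing key found for ${kid || alg || use || '<unknown>'}`, errors_js_1.ERR_JWK_NOT_FOUND);
+}
+[(_get_signAlgorithms_decorators = [util_js_1.cachedGetter], _get_publicJwks_decorators = [util_js_1.cachedGetter], _get_privateJwks_decorators = [util_js_1.cachedGetter], Symbol.iterator)]() {
+return this.keys.values();
+}
+async createJwt({ alg: sAlg, kid: sKid, ...header }, payload) {
+try {
+const [key, alg] = this.findKey({ alg: sAlg, kid: sKid, use: 'sig' });
+const protectedHeader = { ...header, alg, kid: key.kid };
+if (typeof payload === 'function') {
+payload = await payload(protectedHeader, key);
+}
+return await key.createJwt(protectedHeader, payload);
+}
+catch (err) {
+throw errors_js_1.JwtCreateError.from(err);
+}
+}
+async verifyJwt(token, options) {
+const { header } = (0, jwt_decode_js_1.unsafeDecodeJwt)(token);
+const { kid, alg } = header;
+const errors = [];
+for (const key of this.list({ kid, alg })) {
+try {
+const result = await key.verifyJwt(token, options);
+return { ...result, key };
+}
+catch (err) {
+errors.push(err);
+}
+}
+switch (errors.length) {
+case 0:
+throw new errors_js_1.JwtVerifyError('No key matched', errors_js_1.ERR_JWKS_NO_MATCHING_KEY);
+case 1:
+throw errors_js_1.JwtVerifyError.from(errors[0], errors_js_1.ERR_JWT_INVALID);
+default:
+throw errors_js_1.JwtVerifyError.from(errors, errors_js_1.ERR_JWT_INVALID);
+}
+}
+},
+(() => {
+const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+__esDecorate(_a, null, _get_signAlgorithms_decorators, { kind: "getter", name: "signAlgorithms", static: false, private: false, access: { has: obj => "signAlgorithms" in obj, get: obj => obj.signAlgorithms }, metadata: _metadata }, null, _instanceExtraInitializers);
+__esDecorate(_a, null, _get_publicJwks_decorators, { kind: "getter", name: "publicJwks", static: false, private: false, access: { has: obj => "publicJwks" in obj, get: obj => obj.publicJwks }, metadata: _metadata }, null, _instanceExtraInitializers);
+__esDecorate(_a, null, _get_privateJwks_decorators, { kind: "getter", name: "privateJwks", static: false, private: false, access: { has: obj => "privateJwks" in obj, get: obj => obj.privateJwks }, metadata: _metadata }, null, _instanceExtraInitializers);
+if (_metadata) Object.defineProperty(_a, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+})(),
+_a;
+})();
+exports.Keyset = Keyset;
+//# sourceMappingURL=keyset.js.map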
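Review bot: `verifyJwt` picks its candidate keys with `this.list({ kid, alg })`, where both values come from the not-yet-verified token header and no `use` is given, whereas `createJwt` restricts itself to `use: 'sig'`. A key in the set that is marked for another use but lists the same algorithm would therefore be tried for signature verification; consider `this.list({ kid, alg, use: 'sig' })`, after confirming how keys without a `use` should be treated, since `list` would then skip them. The `key.algorithms.includes(search.alg)` check in `list` is what keeps the header's `alg` from selecting an algorithm the key does not declare, and it deserves a comment saying so, e.g. `// header is untrusted: only keys that declare this alg are tried`. Separately, the `findKey` error text reads `No singing key found`; it should say `No signing key found`. This file is compiled output (its source map points at `../src/keyset.ts`), so the changes belong in that source file.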
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keyset.js","sourceRoot":"","sources":["../src/keyset.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAOoB;AAGpB,mDAAiD;AAIjD,uCAMkB;AAelB,MAAM,iBAAiB,GAAG,CAAC,GAAQ,EAAmB,EAAE,CAAC,GAAG,CAAC,UAAU,CAAA;AACvE,MAAM,gBAAgB,GAAG,CAAC,GAAQ,EAAmB,EAAE,CAAC,GAAG,CAAC,SAAS,CAAA;IAExD,MAAM;;;;;;sBAAN,MAAM;YAGjB,YACE,QAAgD;YAChD;;;;eAIG;YACa,6BAAgD,QAAQ;gBACxE,EAAM;gBACJ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,0BAA0B,CAAC;gBAC1C,CAAC,CAAC;oBACE,mCAAmC;oBACnC,OAAO;oBACP,QAAQ;oBACR,OAAO;oBACP,4DAA4D;oBAC5D,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;iBACR;gBAfL;;;;4BAVS,mDAAM,EAUC,0BAA0B;mBAerC;gBAxBU;;;;;mBAAkB;gBA0BjC,MAAM,IAAI,GAAQ,EAAE,CAAA;gBAEpB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;gBAC9B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;oBAC3B,IAAI,CAAC,GAAG;wBAAE,SAAQ;oBAElB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAEd,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;wBACZ,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;4BAAE,MAAM,IAAI,oBAAQ,CAAC,kBAAkB,GAAG,CAAC,GAAG,EAAE,CAAC,CAAA;;4BACjE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;oBACxB,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACjC,CAAC;YAGD,IAAI,cAAc;gBAChB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAA;gBACpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK;wBAAE,SAAQ;oBAC/B,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;wBACjC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;oBACrB,CAAC;gBACH,CAAC;gBACD,OAAO,MAAM,CAAC,MAAM,CAClB,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CACzE,CAAA;YACH,CAAC;YAGD,IAAI,UAAU;gBACZ,OAAO;oBACL,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC,MAAM,CAAC,mBAAS,CAAC;iBAC3D,CAAA;YACH,CAAC;YAGD,IAAI,WAAW;gBACb,OAAO;oBACL,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,MAAM,CAAC,mBAAS,CAAC;iBAC5D,CAAA;YACH,CAAC;YAED,GAAG,CAAC,GAAW;gBACb,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,CAAA;YACjD,CAAC;YAED,GAAG,CAAC,MAAiB;gBACnB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,I
AAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBACpC,OAAO,GAAG,CAAA;gBACZ,CAAC;gBAED,MAAM,IAAI,oBAAQ,CAChB,iBAAiB,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,IAAI,WAAW,EAAE,EAC1D,6BAAiB,CAClB,CAAA;YACH,CAAC;YAED,CAAC,IAAI,CAAC,MAAiB;gBACrB,mEAAmE;gBACnE,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,KAAK,CAAC;oBAAE,OAAM;gBACpC,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,KAAK,CAAC;oBAAE,OAAM;gBAEpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,IAAI,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG;wBAAE,SAAQ;oBAElD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC9B,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;4BAAE,SAAQ;oBACzD,CAAC;yBAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;wBACtB,IAAI,GAAG,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG;4BAAE,SAAQ;oBACtC,CAAC;oBAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC9B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;4BAAE,SAAQ;oBACnE,CAAC;yBAAM,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;wBAC1C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC;4BAAE,SAAQ;oBACpD,CAAC;oBAED,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;YAED,OAAO,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAa;gBAClC,MAAM,YAAY,GAAU,EAAE,CAAA;gBAE9B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;oBAC/C,oBAAoB;oBACpB,IAAI,CAAC,GAAG,CAAC,SAAS;wBAAE,SAAQ;oBAE5B,oDAAoD;oBACpD,IAAI,OAAO,GAAG,KAAK,QAAQ;wBAAE,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;oBAE9C,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACxB,CAAC;gBAED,MAAM,YAAY,GAAG,IAAA,oBAAU,EAAC,GAAG,CAAC,CAAA;gBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CACjC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAU,CAC7D,CAAA;gBAED,oEAAoE;gBACpE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,0BAA0B,EAAE,CAAC;oBACtD,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAAC;wBACrD,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC;4BAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;oBACnE,CAAC;gBACH,CAAC;gBAED,uBAAuB;gBACvB,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAA
C;oBACrD,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;wBAC/B,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;oBAC3B,CAAC;gBACH,CAAC;gBAED,MAAM,IAAI,oBAAQ,CAChB,4BAA4B,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,WAAW,EAAE,EAC9D,6BAAiB,CAClB,CAAA;YACH,CAAC;YAED,oCAzGC,sBAAY,iCAcZ,sBAAY,kCAOZ,sBAAY,GAoFZ,MAAM,CAAC,QAAQ,EAAC;gBACf,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAA;YAC3B,CAAC;YAED,KAAK,CAAC,SAAS,CACb,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,EAAiB,EAClD,OAAsC;gBAEtC,IAAI,CAAC;oBACH,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAA;oBACrE,MAAM,eAAe,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAA;oBAExD,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;wBAClC,OAAO,GAAG,MAAM,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAA;oBAC/C,CAAC;oBAED,OAAO,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,OAAO,CAAC,CAAA;gBACtD,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,0BAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAChC,CAAC;YACH,CAAC;YAED,KAAK,CAAC,SAAS,CAIb,KAAgB,EAChB,OAA0B;gBAE1B,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,+BAAe,EAAC,KAAK,CAAC,CAAA;gBACzC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,CAAA;gBAE3B,MAAM,MAAM,GAAc,EAAE,CAAA;gBAE5B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;oBAC1C,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,CAAO,KAAK,EAAE,OAAO,CAAC,CAAA;wBACxD,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,CAAA;oBAC3B,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAClB,CAAC;gBACH,CAAC;gBAED,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;oBACtB,KAAK,CAAC;wBACJ,MAAM,IAAI,0BAAc,CAAC,gBAAgB,EAAE,oCAAwB,CAAC,CAAA;oBACtE,KAAK,CAAC;wBACJ,MAAM,0BAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,2BAAe,CAAC,CAAA;oBACvD;wBACE,MAAM,0BAAc,CAAC,IAAI,CAAC,MAAM,EAAE,2BAAe,CAAC,CAAA;gBACtD,CAAC;YACH,CAAC;;;;YA3JD,+LAAI,cAAc,6DAWjB;YAGD,mLAAI,UAAU,6DAIb;YAGD,sLAAI,WAAW,6DAId;;;;;AAtEU,wBAAM"}
|